services:
  bastion:
    build:
      context: ..
      dockerfile: stack/Dockerfile
    network_mode: host
    restart: unless-stopped
    env_file: .env
    volumes:
      - bastion-state:/data/state
      - bastion-tftp:/data/tftp
      - bastion-http:/data/http
      - ${SSH_KEY_PATH:-~/.ssh}:/root/.ssh:ro
    cap_add:
      - NET_ADMIN
      - NET_RAW

  cockroachdb:
    image: cockroachdb/cockroach:latest-v24.3
    command: start-single-node --insecure --store=type=mem,size=256MiB
    ports:
      - "26257:26257"
      - "8081:8080"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health?ready=1"]
      interval: 5s
      timeout: 5s
      retries: 10

volumes:
  bastion-state:
  bastion-tftp:
  bastion-http: